Use python without install it.

Kiril Karaatanasov karaatanasov at hotmail.com
Mon Aug 5 04:56:13 EDT 2002


"Bertrand Geston" <bergeston at yahoo.fr> wrote in message news:<ai917o$12j0d8$1 at ID-135695.news.dfncis.de>...
> Hi,
> 
> Does somebody know if it is possible to use python on a computer under Linux
> on that it's not allowed to install it for security reasons (server in
> production) ?

One ususaly does not need to have python in /bin /usr/bin or other
peculiar location. One may have it in their own home directory say
/export/home/Geston.
All files may have read/exec right solely for their user etc. Of
course you can have the whole Pytohn thing on a CD. All you need to
know is where python is and have enough permissions to execute it.

> The purpose is to have some shell scripts written in Python to make some
> maintenance tasks. Those scripts are launched manually.

I would again assume those script run as special user may be even
root. There is no problem to prvent read/execute rights for any other
users. Note that removing only execute does not always solve the
problem thus prevent reading as well.

> 
> Run it from a CD rom ? How ?

Just have the python root ont the CD :o)

> Special user ? is it really secure ?

You could have the special user. 

There are tow aspects to your question
1. Is python stable enough, so it does not crash in such a way that
this allows another user to gain more priviledge then supposed to.

The answer about Python is it is quite stable probably more stable
then most other software. However your scripts may not be :o)

2. Is it secure to have Python on the machine?
Well Pytohn is merely a script language interpreter. Who has acces to
it and how is something you determine. Do you have shell interpreter,
perl etc.? A script interpreter is far easier to secure then a web
server and much more reliable. Moreover it will only be accessible to
people with shell accounts on a production server I would not grant
many shell accounts.

> Other idea ?

No. However I would avoid putting customized Python distros or
recompiled using some tool versions for the reason this may have some
security implications.
> 
> TIA.
> 
> B.



More information about the Python-list mailing list